Hackers exploit bug in WordPress gift card plugin with 50K installs
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites. YITH WooCommerce Gift Cards…
Month: December 2022
NodeBB prototype pollution flaw could lead to account takeover
‘Not a prototype pollution vulnerability as you might normally understand it’ NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability…
Lensa AI and ‘Magic Avatars’: What to Know Before Using the App
Has the stale selfie that’s served as your profile picture gone a little too long without a refresh? You’ve likely seen friends using the Lensa AI app to…
New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure
Dec 19, 2022Ravie LakshmananData Security / Endpoint Security A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making…
The Week in Ransomware – December 23rd 2022
Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate networks to steal data and…
JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs
John Leyden 09 December 2022 at 13:17 UTC Updated: 15 December 2022 at 17:06 UTC Five vendors act to thwart generic hack Security researchers have…
Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking
Apache had to scramble at the beginning of December 2021 to be ready to release patches for Log4Shell when it publicly disclosed the situation on…
New info-stealer malware infects software pirates via fake cracks sites
A new information-stealing malware named ‘RisePro’ is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. RisePro is designed…
ChatGPT bid for bogus bug bounty is thwarted
Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ A supposed security researcher has tried…
Attackers Keep Targeting the US Electric Grid
We at WIRED have written plenty about the threat that cyberattacks pose to power grids worldwide. But lately, the most significant attacks on electrical systems…
Glupteba Botnet Continues to Thrive Despite Google’s Attempts to Disrupt It
Dec 19, 2022Ravie LakshmananBlockchain / Botnet The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and “upscaled” campaign, months…
Hacker claims to be selling Twitter data of 400 million users
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They’re…